| Age | Commit message (Collapse) | Author |
|---|
|
If a user logs in with a bad CSRF token, the Warden before_logout
hook will be called with no valid user. This would lead to odd
Error 500 messages with a backtrace.
Addresses part of #50857
|
|
We remove this feature as it never worked properly
|
|
|
|
|
|
Resolve "Split admin settings into multiple sub pages"
Closes #44998
See merge request gitlab-org/gitlab-ce!21467
|
|
Lazy load xterm css custom colors file
Closes #44768
See merge request gitlab-org/gitlab-ce!21804
|
|
Manually includes the xterm custom colors
on the 3 files that will need it: job log page,
job terminal page, environment terminal page
Reduces main CSS bundle
|
|
See merge request gitlab-org/gitlab-ce!21689
|
|
|
|
CE: Properly implement prepending for Concern
See merge request gitlab-org/gitlab-ce!21444
|
|
Remove peek-sidekiq
Closes #51407
See merge request gitlab-org/gitlab-ce!21693
|
|
|
|
Enable omniauth by default
Closes #49990
See merge request gitlab-org/gitlab-ce!21700
|
|
|
|
Fix route deprecation warnings in rails 5
See merge request gitlab-org/gitlab-ce!21684
|
|
|
|
The reason for removing this gem is that it's not being maintained
anymore. It uses `alias_method_chain` which is deprecated in rails 5
(and removed in 5.1), the issue is pending upstream (including
a fix) - https://github.com/suranyami/peek-sidekiq/issues/3 for a while.
Peek-sidekiq is used in performance bar for displaying sidekiq
statistics.
|
|
If doing a schema load, the post_migrations should also be marked as up,
even if SKIP_POST_DEPLOYMENT_MIGRATIONS was set, otherwise future
migration runs will be broken.
|
|
Filter any parameters ending with "key" in logs
See merge request gitlab-org/gitlab-ce!21688
|
|
Rails does a partial match for strings in the filter_parameters
configuration, so the parameter "key" causes "key_id" to be filtered
even though it's a useful parameter for debugging internal API issues.
We now revise this filter to make any parameter ending with "key" is
filtered.
Relates to https://gitlab.com/gitlab-com/gl-infra/production/issues/463
|
|
|
|
Fixes rails 5 deprecation warnings in `config/` files
|
|
|
|
|
|
When a container registry has many tags, it's easy for the DELETE call to take more
than 60 seconds and fail. This can also leave the registry in a bad state with
null bytes since some of the images have been deleted with tags still pointing to them.
In addition, we have to prevent users from accidentally initiating the delete multiple
times or this could leave the registry with orphaned tags.
This commit also adds a flash message to notify the user the registry is scheduled
for deletion.
Closes #49926, #51063
|
|
Import common metrics into database.
Closes gitlab-ee#6948
See merge request gitlab-org/gitlab-ce!21459
|
|
|
|
# Conflicts:
# db/schema.rb
|
|
|
|
Fix closing issue default pattern
Closes #51085
See merge request gitlab-org/gitlab-ce!21531
|
|
|
|
* (Suf)fix #51085 :-)
Signed-off-by: Samuele Kaplun <kaplun@protonmail.com>
|
|
Fix attachments not displaying inline with Google Cloud Storage
Closes #49957
See merge request gitlab-org/gitlab-ce!21265
|
|
|
|
|
|
There were several issues:
1. With Google Cloud Storage, we can't override the Content-Type with
Response-Content-Type once it is set. Setting the value to
`application/octet-stream` doesn't buy us anything. GCS defaults to
`application/octet-stream`, and AWS uses `binary/octet-stream`. Just remove
this `Content-Type` when we upload new files.
2. CarrierWave and fog-google need to support query parameters:
https://github.com/fog/fog-google/pull/409/files, https://github.com/carrierwaveuploader/carrierwave/pull/2332/files.
CarrierWave has been monkey-patched until an official release.
3. Workhorse also needs to remove the Content-Type header in the request
(https://gitlab.com/gitlab-org/gitlab-workhorse/blob/ef80978ff89e628c8eeb66556720e30587d3deb6/internal/objectstore/object.go#L66),
or we'll get a 403 error when uploading due to signed URLs not matching the headers.
Upgrading to Workhorse 6.1.0 for https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/297
will make Workhorse use the headers that are used by Rails.
Closes #49957
|
|
This will help production gain more visibility which browsers may be
having issues.
|
|
instead of direct approval
|
|
|
|
|
|
|
|
Rails 5: include opclasses in rails 5 schema dump
See merge request gitlab-org/gitlab-ce!21416
|
|
This MR backports PrometheusMetric model to CE
and adds: common, identifier to figure out what kind of metric is used.
|
|
|
|
|
|
Bump unauthenticated session time from 1 hour to 2 hours
Closes #50393
See merge request gitlab-org/gitlab-ce!21453
|
|
Disable the Sidekiq Admin Rack session
See merge request gitlab-org/gitlab-ce!21441
|
|
Exclude frontend development dependencies from license restrictions
See merge request gitlab-org/gitlab-ce!21430
|
|
GitLab already has its own session store, so this extra Sidekiq session is
unnecessary. In addition, the GitLab session store properly sets the Secure
flag, unlike the default Rack session.
CSRF protection in the Sidekiq /admin page continues to work with the existing
GitLab session.
See https://github.com/mperham/sidekiq/pull/3183 for more details.
Part of #49120
|
|
Users who have their system clocks configured inconsistently due to Daylight
Savings may see a GitLab session cookie that immediately expires, resulting in
a 422 error. To avoid these errors, we can bump the unauthenticated session
time from 1 hour to 2 hours so they have time to login and get the default 7-day
session.
Closes #50393
|
